diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 96b7bbc..555086d 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -84,4 +84,10 @@ class ApplicationController < ActionController::Base
 # TODO: check access control
 end
+ # declares that the given actions cannot be accessed by other HTTP
+ # method besides POST.
+ def self.post_only(actions, redirect = { :action => 'index'})
+ verify :method => :post, :only => actions, :redirect_to => redirect
+ end
+
 end
diff --git a/app/controllers/features_controller.rb b/app/controllers/features_controller.rb
index e931fe7..ab4faa2 100644
--- a/app/controllers/features_controller.rb
+++ b/app/controllers/features_controller.rb
@@ -5,8 +5,14 @@ class FeaturesController < ApplicationController
 @features = VirtualCommunity.available_features
 end
+ post_only :update
 def update
- @virtual_community.enabled_features = params[:features].keys
+ features = if params[:features].nil?
+ []
+ else
+ params[:features].keys
+ end
+ @virtual_community.enabled_features = features
 @virtual_community.save!
 flash[:notice] = _('Features updated successfully.')
 redirect_to :action => 'index'
diff --git a/test/functional/application_controller_test.rb b/test/functional/application_controller_test.rb
new file mode 100644
index 0000000..f865bdf
--- /dev/null
+++ b/test/functional/application_controller_test.rb
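Review bot: The comment on the new `post_only` macro in app/controllers/application.rb should state that it restricts the HTTP verb and nothing else, since the context line just above it still reads `# TODO: check access control`. A verb check stops state changes through plain links and GET requests, but a POST forged from another site, or sent by a signed-in user who lacks the right role, still passes `verify`, so each action using `post_only` needs its own authorization and request-forgery check. I would document it as `# Restricts +actions+ to HTTP POST; other methods are redirected to +redirect+. This is not an access-control or anti-forgery check.` The default redirect also assumes the controller has an `index` action, which is worth saying in the same comment. The class body starts outside this hunk.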
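Review bot: In `FeaturesController#update` the keys of `params[:features]` go straight into `enabled_features`, so the client decides which feature names are stored; the nil guard added here does not change that. The `index` context line reads the allowed set from `VirtualCommunity.available_features`, and the functional test iterates it as key/value pairs, so (assuming it is a hash keyed by feature name) the update could intersect with it: `features = (params[:features] || {}).keys & VirtualCommunity.available_features.keys`. A scalar `features=x` parameter would still raise on `.keys`, which a `respond_to?(:keys)` guard would avoid. Whether any filter restricts who may call `update` is not visible in this hunk, and the method's closing `end` lies outside it.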
@@ -0,0 +1,27 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'test_controller'
+
+# Re-raise errors caught by the controller.
+class TestController; def rescue_action(e) raise e end; end
+
+class ApplicationControllerTest < Test::Unit::TestCase
+
+ fixtures :profiles, :virtual_communities, :domains
+
+ def setup
+ @controller = TestController.new
+ @request = ActionController::TestRequest.new
+ @response = ActionController::TestResponse.new
+ end
+
+ def test_get_against_post_only
+ get :post_only
+ assert_redirected_to :action => 'index'
+ end
+ def test_post_against_post_only
+ post :post_only
+ assert_response :success
+ assert_tag :tag => 'span', :content => 'post_only'
+ end
+
+end
diff --git a/test/functional/features_controller_test.rb b/test/functional/features_controller_test.rb
index 25ee0fe..700f462 100644
--- a/test/functional/features_controller_test.rb
+++ b/test/functional/features_controller_test.rb
@@ -12,10 +12,10 @@ class FeaturesControllerTest < Test::Unit::TestCase
 @controller = FeaturesController.new
 @request = ActionController::TestRequest.new
 @response = ActionController::TestResponse.new
- uses_host 'anhetegua.net'
 end
 def test_listing_features
+ uses_host 'anhetegua.net'
 get :index
 assert_template 'index'
 VirtualCommunity.available_features.each do |feature, text|
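Review bot: `test_get_against_post_only` in test/functional/application_controller_test.rb covers only GET, so the claim in `post_only`'s comment that no method besides POST is accepted stays untested for the other verbs. A sibling test using the `put`, `delete` and `head` request helpers with the same `assert_redirected_to :action => 'index'` would pin that down. `test_post_against_post_only` expects a `span` tag while the mock action in test/mocks/test/test_controller.rb renders plain text, so that assertion presumably depends on markup added elsewhere; a comment naming where the `span` comes from would help. A blank line between the two test methods would match the rest of the file.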
@@ -23,12 +23,32 @@ class FeaturesControllerTest < Test::Unit::TestCase
 end
 end
- def test_update_features
- get :update, :features => { 'feature1' => '1', 'feature2' => '1' }
+ def test_update
+ uses_host 'anhetegua.net'
+ post :update, :features => { 'feature1' => '1', 'feature2' => '1' }
+ assert_redirected_to :action => 'index'
+ assert_kind_of String, flash[:notice]
+ v = VirtualCommunity.find(virtual_communities(:anhetegua_net).id)
+ assert v.enabled?('feature2')
+ assert v.enabled?('feature2')
+ assert !v.enabled?('feature3')
+ end
+
+ def test_update_disable_all
+ uses_host 'anhetegua.net'
+ post :update # no features
 assert_redirected_to :action => 'index'
 assert_kind_of String, flash[:notice]
- v = VirtualCommunity.find(virtual_communities(:colivre_net).id)
- assert v.enabled?('feature1') && v.enabled?('feature2') && !v.enabled?('feature3')
+ v = VirtualCommunity.find(virtual_communities(:anhetegua_net).id)
+ assert !v.enabled?('feature1')
+ assert !v.enabled?('feature2')
+ assert !v.enabled?('feature3')
+ end
+
+ def test_update_no_post
+ uses_host 'anhetegua.net'
+ get :update
+ assert_redirected_to :action => 'index'
 end
 end
diff --git a/test/mocks/test/test_controller.rb b/test/mocks/test/test_controller.rb
index 693af0a..4f5fd57 100644
--- a/test/mocks/test/test_controller.rb
+++ b/test/mocks/test/test_controller.rb
@@ -1,2 +1,10 @@
 class TestController < ApplicationController
+ def index
+ render :text => 'index'
+ end
+
+ post_only 'post_only'
+ def post_only
+ render :text => 'post_only'
+ end
 end
-- libgit2 0.21.2
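Review bot: `test_update` in test/functional/features_controller_test.rb asserts `v.enabled?('feature2')` twice and never checks `feature1`, which the removed assertion did cover; the first of the two lines should read `assert v.enabled?('feature1')`. `test_update_no_post` checks only the redirect, so it would still pass if the GET request changed the stored features before redirecting. Reloading the community there and asserting that its enabled features are unchanged would make the test prove the verb restriction. `test_update_disable_all` likewise passes trivially unless the `anhetegua_net` fixture starts with some feature enabled, which this hunk does not show.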